<?php
include_once("secret/sessionmanager.php");
initSession();
include "secret/config.php";
include "secret/attributes.php";

if (!isset($_SESSION['lang'])) {
	$_SESSION['lang'] = $default_language;
}

switch ($_SESSION['lang']) {
	case "chinese" : include "languages/chinese.inc.php"; break;
	case "english" : include "languages/english.inc.php"; break;
	default : include "languages/chinese.inc.php"; break;
}


?>
<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title><?php echo PROGRAM_NAME; ?></title>
<meta http-equiv="content-type" content="text/html; charset=<?php echo $default_charset; ?>">
<link rel="stylesheet" type="text/css" href="secret/styles.css" />
</head>
<body>
<?php
$loginusername = "";
$email = "";
mysql_connect($dbhost,$dbusername,$dbpassword);
mysql_select_db($dbname);
?>
<table class="standard" cellpadding="0" cellspacing="0" border="0" style="margin-top:200px; width:250px;" align="center">
<tr class="firstcolor"><td colspan="2" align="center" class="tblhead"><?php echo PROGRAM_NAME." ".VERSION." - ".LOSTPW_TITLE; ?></td></tr>
<tr class="firstcolor"><td colspan="2" align="center"><?php echo $owner; ?></td></tr>
<tr class="firstcolor"><td colspan="2" align="center">&nbsp;</td></tr>
<tr class="firstcolor"><td align="center">

<?php 
if (isset($_POST['loginusername'])) {
	// get all req. information
	$loginusername  = mysql_real_escape_string(trim(stripslashes($_POST['loginusername'])));
	$email          = trim(stripslashes($_POST['email']));
	if (empty($loginusername) && (empty($email) ||
	preg_replace("/([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})/","",$email) != "" ))
	{
		$error_occured = true;
	} else {
		// generate new Password

		if (empty($email)) {
			$query = "SELECT count(*) as anzahl FROM $utablename WHERE username != 'admin' AND username='$loginusername'";
			$query2 = "UPDATE $utablename SET userpass='?' WHERE username='$loginusername'";
			$query3 = "SELECT username,email FROM $utablename WHERE username != 'admin' AND username='$loginusername'";
		} elseif (empty($loginusername)) {
			$query = "SELECT count(*) as anzahl FROM $utablename WHERE email='$email'";
			$query2 = "UPDATE $utablename SET userpass='?' WHERE email='$email'";
			$query3 = "SELECT username,email FROM $utablename WHERE email='$email'";
		} else {
			$query = "SELECT count(*) as anzahl FROM $utablename WHERE username != 'admin' AND email='$email' AND username='$loginusername'";
			$query2 = "UPDATE $utablename SET userpass='?' WHERE email='$email' AND username='$loginusername'";
			$query3 = "SELECT username,email FROM $utablename WHERE username != 'admin' AND email='$email' AND username='$loginusername'";
		}

		$res = mysql_query($query) or die(mysql_error());
		if (!$res) {
			$error_occured = true;
			echo "<div class=\"failure\" style=\"padding-bottom:5px;\">".LOSTPW_ERROR1."</div>";
		} else {
			$line = mysql_fetch_object($res);
			if ($line->anzahl != 1) {
				$error_occured = true;
				echo "<div class=\"failure\" style=\"padding-bottom:5px;\">".LOSTPW_ERROR2."</div>";
			} else {
				// exactly one entry where password should be changed
				$res = mysql_query($query3) or die(mysql_error());
				if (!$res) {
					$error_occured = true;
					echo "<div class=\"failure\" style=\"padding-bottom:5px;\">".LOSTPW_ERROR1."</div>";
				} else {
					$line = mysql_fetch_object($res);
					$email = $line->email;
					$loginusername = $line->username;
					$newpassword = substr(md5(time()),rand(0,26),6);

					$query2 = str_replace("?",md5($newpassword),$query2);
					$res = mysql_query($query2) or die(mysql_error());
					if (!$res) {
						$error_occured = true;
						echo "<div class=\"failure\" style=\"padding-bottom:5px;\">".LOSTPW_ERROR1."</div>";
					} else {
						// Password Changed - send email
						$emailtext = LOSTPW_EMAIL_TEXT1.":\n\n".LOSTPW_EMAIL_TEXT2.": ".$loginusername."\n".LOSTPW_EMAIL_TEXT3.": ".$newpassword."\n";

						$headers = "From: ".$email_from."\r\n" .
						'X-Mailer: PHP/' . phpversion() . "\r\n" .
						"MIME-Version: 1.0\r\n" .
						"Content-Type: text/html; charset=utf-8\r\n" .
						"Content-Transfer-Encoding: 8bit\r\n\r\n";
						// Send
						$result = mail($email, LOSTPW_EMAIL_SUBJECT, $emailtext, $headers);
						if($result == true) {
							echo "<div class=\"success\">".LOSTPW_INFO2."</div>";
						} else {
							echo "<div class=\"failure\">".LOSTPW_ERROR3."</div>\n";
						}
						echo '<div style="padding-top:10px;"><input class="button" type="submit" name="'.urlencode(LOSTPW_BUTTON2).'" value="'.LOSTPW_BUTTON2.'" onclick="window._content.document.location=\'index.php\'" /></div>';
					}
				}
			}
		}
	}
}
if ((isset($error_occured) && $error_occured) || !isset($_POST['loginusername'])) {
	if (!isset($error_occured)) $error_occured = false;
	// show registration Screen
	echo '
	<form action="lost_password.php" method="POST">
	<table width="100%" border="0" cellpadding="0" cellspacing="0" class="standard">
	<tr class="firstcolor"><td colspan="2">'.LOSTPW_INFO1.'</td></tr>
	<tr class="firstcolor"><td colspan="2">&nbsp;</td></tr>
	<tr class="firstcolor"><td>'.REGISTER_LOGINNAME.':</td><td><input type="text" name="loginusername" maxlength="20" class="textfield" value="'.$loginusername.'" style="width:100px;" /></td></tr>
	<tr class="firstcolor"><td>'.REGISTER_EMAIL.':</td><td><input type="text" name="email" maxlength="50" class="textfield" value="'.$email.'" style="width:100px;" /></td></tr>
	<tr class="firstcolor"><td colspan="2">&nbsp;</td></tr>
	<tr class="firstcolor"><td colspan="2" align="center"><input class="button" type="submit" name="'.urlencode(LOSTPW_BUTTON1).'" value="'.LOSTPW_BUTTON1.'"></td></tr>
	</table>	
	</form>
	';
}

?>
</td>
</tr>
</table>
</body>
</html>